CVE-2014-7933
libav - security update
EPSS 5.9%
Description
Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data.
How to fix CVE-2014-7933
To remediate CVE-2014-7933, upgrade the affected package to a fixed version below.
- Debian/ffmpeg—upgrade to 7:2.5.1-1 or later
- Debian/libav—upgrade to 6:0.8.17-1 or later
Is CVE-2014-7933 being exploited?
Moderate — EPSS is 5.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 7:2.5.1-1
- from 0, < 6:0.8.17-1